ASP.NET Windows Authentication Impersonation - asp.net

I am trying to figure out how to implement an ASP.NET page with Windows Authentication without getting that annoying IIS login box.
I currently have 3 domains in my network so all the people logging in would have to prefix their user names with the domain. This is not user friendly. I would like to have a custom login page that would have a domain combo box.
Most examples I found implement this using Form security, however I need Windows Authentication since I want to connect to the SQL server using Integrated Authentication rather than a hard coded user name and password.
Does anyone know of a good article or sample code that shows how to implement this?

The following links to an article that explains how to authenticate a windows user using forms authentication, it uses a call to the native win32 api function LogonUser to acheive this. This way you can design your own custom login page with a drop down list to select a domain. Take a look, perhaps it will help.
Windows Authentication using Form Authentication

To get this setup so you don't have the authentication prompt, you are going to need to have the domains trust the accounts from one another. This article should get you pointed in the right direction:
http://technet.microsoft.com/en-us/library/cc787646%28WS.10%29.aspx

Related

ASP.NET Mixed authentication IIS 8

I'm trying to create an application that mixes windows authentication with forms authentication. The idea is simple: whenever the browser is able to use NTLM and the user has permissions, then he should be automatically logged in. When that doesn't happen, the user must be redirected to a page that shows a login form. I've found an old article (http://mvolo.com/iis-70-twolevel-authentication-with-forms-authentication-and-windows-authentication/) and I've also found a sample online (https://github.com/patuww/P2000DemonstrationProjects/tree/master/MultiAuthExample) which should be able to solve my problem.
Unfortunately, it's not working and I was wondering if there's any more info about this.
Thanks.
Luis

Simple login/security for an Azure asp.net site (without db)?

I have a demo site that requires a simple login security similar to basic authenication. When a url is entered, a login popups and prompts for username/password. Unfortunately, basic authentication is not available in Azure. Something that requires very little code and I can just store my username/password in the webconfig.
First, basic authentication is always customizable, it doesn't necessary mean that Windows accounts are used. You can pretty much plug your custom membership provider here, as I've blogged once:
http://www.wiktorzychla.com/2013/11/basic-authentication-module-with-custom.html
Second, using forms authentication with a custom membership provider is always a simple option. In your provider, passwords can be read from anywhere.

digest authentication with custom login

I am working on a project of developing a web UI. The project requires .NET implementation. I currently published the website on Windows server 2008 with IIS 7.5 for testing. The project asks for and login/out page as the entrance to the main UI. The login/out page should asks for username and password with some security questions. And it also enables user to change and save the password. The authentication technique has to be implemented using digested authentication.
I have already tested the digest authentication after enabling it in IIS. It works good with popping up a window asking for the username and password.However, I have a doubt whether the digest authentication allows for customized login/out page and ability of changing and saving the password (which will most likely be realized with form authentication to the best of my knowledge). I believe there might be (or not?) some ways of doing it, anyone can guide me to some references or sample codes?
Try this article: http://www.eggheadcafe.com/articles/20030701.asp
And maybe this one: http://msdn.microsoft.com/en-us/library/Ee817643%28pandp.10%29.aspx

How can I use an ASP.NET MembershipProvider to carry over users' session data stored in cookies set by ColdFusion?

I'm working on adding a new webapp to an existing website. I've been directed to write the webapp in ASP.NET. The existing website is written in ColdFusion. For the most part, the ASP.NET webapp is completely stand-alone, but it needs to interact with the ColdFusion code in one important way - if somebody logs in to the ColdFusion site, we don't want them to have to log in again when visiting an ASP.NET page.
When someone logs in to the ColdFusion site, their username is stored in a cookie, along with a login token that can be looked up in our database. My .NET is a little rusty, so I'm having trouble visualizing how the ASP.NET code should use this data. I've already written a simple MembershipProvider that can be used to log in/out out the ASP.NET app using the data in our existing database tables, which are shared with the ColdFusion code.
What I'd like to know is - how can I make sure the ASP.NET app detects the cookies set by the ColdFusion app (I imagine they'd be sent to the ASP.NET pages, since everything is hosted on one domain), and automatically logs the user in using the MembershipProvider and Forms Authentication, using the credentials supplied in the cookie? I'm thinking that putting some kind of cookie check and log in function in the Global.asax file, set to run every page load for every page... but that seems kind of clunky. Also, do people still use the Global.asax file anyway? I had thought there was a more modern method.... Also, how can I manually log someone in using Forms Authentication and a custom membership provider? Currently my code allows the user to log in using the provided login control, but I'm not sure how to log the user in without them having to do anything.
Thanks in advance for any help. Looking over the MembershipProvider tutorials and the MSDN documentation it seems to me like the answer should be staring me in the face, but for some reason I just can't see it. Maybe not enough coffee....
Not sure if this is what you're looking for:
FormsAuthentication.SetAuthCookie("the username goes here",false);
Reference
I'm a CF developer ususally, but we had to do some integration with a .NET application recently and the way we approached it was to keep the CF and .NET sessions separate but ensure that login happened on both so when the user moved from one to the other they were still logged in.
So is there perhaps a way for you to hit your ASP.NET application with a request to login a user when you login using the CF application? Perhaps you could have an iframe on the page that you can load when the CF login is complete that holds a login service for the .NET app?
This way you would not need to worry about one app server reading the other app server's cookies, instead there would be two sets of cookies, one for ASP and one for CF.
Hope that helps!
The way I would approach it, is I would have a specific page that acts as a liaison between the CF and .NET layer. That page would implement your business layer and just check to see if the Cookie is there, if so read it in, do the lookup and login the user or whatever business logic that needs to be done. How would you accomplish the login/authentication, well that’s all based on your login/authentication code.
The only link I can offer is the basic of cookies in ASP.net
http://msdn.microsoft.com/en-us/library/aa289495(v=vs.71).aspx
Edit: found another link that might be helpful.
http://www.aspnettutorials.com/tutorials/network/cookies-csharp.aspx

ASP.NET Login roles?

I need to secure my website without using the ASP.NET built in login controls or the Forms Authentication.
Its need to support "normal" users and admin users.
Any suggestion? Thanks
Well, it's impossible to build anything in ASP.NET without a tag = )
I can't tell exactly what you are asking, so I will try to go over the whole groundwork.
ASP.NET Provides Different Authentication Models
You can use ASP.NET's built in authentication with Membership and Roles
You can write your own ASP.NET membership model
You can use another ASP.NET authentication model, such as Shibboleth, Windows/IIS, and others, see JD's post.
You can skip all of these and use your own "authentication", perhaps it is stored as a simple Session variable
ASP.NET Provides Different Controls
There is a handly Login control that integrated with ASP.NET's built in membership making things very easy.
If you don't want to use that, you can simply use ASP TextBoxes, Buttons, etc, and basically create your own login form.
In adition to JD's and rlb.usa's posts you can also use opemid or windowslive id authentication perhaps. both of these have membership providers for asp.net. Checkout Codeplex for those; however if you want a truly customazieable solution perhaps its best for you as rlb.usa pointed out a simple session variable solution.
Perhaps you want to use Windows Authentication (rather than Forms Authentication) with ASP.NET? You should choose Windows authentication if your user accounts are maintained by a domain controller or within Active Directory and there are no firewall issues. I think this is what you are after. Here's a decent write up.
Umm, a quick response is for you to checkout Authentication features provided by IIS. These include Kerbros, NTLM, Basic Auth, just to name a few.

Resources